|
|
|
|
|
|
by heavyset_go
2418 days ago
|
|
|
> I hope we can all agree that notarization is pretty valuable to users. I don't. As a user, I don't need Apple arbitrarily allowing big players' apps through their approval process while they hold smaller developers to a stricter standard. That will stifle innovation. If security is the touted excuse, macOS already has sandboxd[1] which can be used with arbitrary apps that aren't in the App Store. Linux solved the security problem with Snaps, Flatpaks and AppImages, which all use various layers of containers, kernel namespaces and isolation to provide a sandboxed environment for apps. [1] https://developer.apple.com/library/archive/documentation/Se... |
|
|
And sandboxing is completely orthogonal to the fine-grained revocation that notarization allows for. A sandboxed app could still be malicious: say, a weather app that asks for access to your Contacts ostensibly to show weather at your friends' location, but also uploads all the Contacts info to a malicious tracking service. With notarization, this app could have its notarization revoked once it's discovered.